Configuring a X-3GPP-Asserted-Identity Provider

5-30 Oracle WebLogic Communications Server Administration Guide

case additional logic may be required to map user names received from each domain. A custom user name mapper class is required if you want to map usernames to WebLogic usernames, or if you want to logically process multiple usernames specified in the X-3GPP-Asserted-Identity header rather than using only the first username. See Oracle Fusion Middleware Securing Oracle WebLogic Server for more information. Alternately, leave this field blank to use the default user name mapper. The default mapper simply discards the domain name and takes the first resulting user name to assert the identity. For example, the default user name mapper takes the following header:

X-3GPP-Asserted-Identity: user1@oracle.com, user2@oracle.com

and asserts the identity user1.

13. Click Save.
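The following Python sketch is an added example, not Oracle code and not the WebLogic mapper interface. It models the default mapping described above and shows why identities from more than one domain need extra logic: two different principals collapse to the same user name. The header syntax (comma-separated user@domain entries, optionally quoted), the DOMAIN_POLICY table and the function names are assumptions made for illustration.

```python
# Constructed policy table: WebLogic user name template per trusted domain.
DOMAIN_POLICY = {
    "oracle.com": "{user}",
    "partner.example": "partner_{user}",
}


def parse_asserted_identities(header_value):
    """Split the header value into (user, domain) pairs.

    Assumes comma-separated user@domain entries, optionally double-quoted.
    """
    pairs = []
    for entry in header_value.split(","):
        entry = entry.strip().strip('"').strip()
        if not entry:
            continue
        user, sep, domain = entry.partition("@")
        pairs.append((user, domain.lower() if sep else ""))
    return pairs


def default_mapper(header_value):
    """Behaviour the guide describes: drop the domain, assert the first user."""
    pairs = parse_asserted_identities(header_value)
    return pairs[0][0] if pairs else None


def domain_aware_mapper(header_value, policy=DOMAIN_POLICY):
    """Hypothetical custom policy: map every identity, refuse unknown domains."""
    mapped = []
    for user, domain in parse_asserted_identities(header_value):
        template = policy.get(domain)
        if template is None or not user:
            raise ValueError("untrusted or malformed identity: %r@%r" % (user, domain))
        mapped.append(template.format(user=user))
    return mapped


if __name__ == "__main__":
    # Constructed sample headers.
    print(default_mapper("user1@oracle.com, user2@oracle.com"))
    # Same result for two different principals: the domain was discarded.
    print(default_mapper("alice@oracle.com"), default_mapper("alice@partner.example"))
    print(domain_aware_mapper("alice@oracle.com, alice@partner.example"))
```

With the default behaviour, access decisions that depend on the asserted user name cannot distinguish alice in one domain from alice in another, so a deployment that accepts several domains should map or reject per domain.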

5.11 Configuring Basic Authentication for HTTP Servlets

Although Basic authentication is deprecated for use with SIP Servlets, you may choose to use this authentication mechanism with HTTP Servlets. Basic authentication is supported via the LDAPAuthenticator provider. Follow these steps to configure the provider with Oracle Internet Directory:

1. Log in to the Administration Console for the Oracle WebLogic Communication Services domain you want to configure.

2. In the left pane of the Console, select the Security Realms node.

3. Select the name of your security realm in the right pane of the Console (for example, myrealm).

4. Select the Providers > Authentication tab.

5. Click New.

6. Enter a name for the new provider, and select LDAPAuthenticator for the Type field.

7. Click OK.

8. Select the name of the new provider you just created.

9. Select the Configuration > Provider Specific tab.

10. Fill in the fields of the configuration page as follows:

■ Principal: Enter the application instance that was configured for Oracle WebLogic Communication Services in Oracle Internet Directory (for example, orclApplicationCommonName=WLSSInstance1,cn=WLSS,cn=Products,cn=OracleContext,dc=example,dc=com). Note that you must provision this instance manually after installing Oracle Internet Directory. See Section 5.12, Provisioning Resources in Oracle Internet Directory, for instructions.

■ Credential: Enter the password of the Principal that was configured in Oracle Internet Directory.

■ Group Base DN: Enter the DN of the Groups object in Oracle Internet Directory (for example, cn=groups,dc=example,dc=com).

■ User Base DN: Enter the DN of the Users object in Oracle Internet Directory (for example, cn=Users,dc=example,dc=com).

11. Click Save.

Administering Security Features 5-31

5.12 Provisioning Resources in Oracle Internet Directory

The following sections provide an overview of how to provision Oracle WebLogic Communication Services resources when using Oracle Internet Directory as your LDAP provider. These instructions are necessary when using Digest Authentication with a precalculated hash value, or when configuring Basic authentication for HTTP Servlets. See the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory for more details about these procedures.

5.12.1 Configuring Oracle Internet Directory

You must configure the following mappings for the OID LDAP backend:

■ JAAS Usernames to LDAP User Entries: JAAS (Java Authentication and Authorization Service) user names are mapped to LDAP Users based on the value of the orclcommonnicknameattribute under the node cn=Common,cn=Products,cn=OracleContext. For example, setting this attribute to uid implies that users authenticating against OID must provide their corresponding LDAP uid as their username during authentication. The rest of the configuration described in this chapter assumes that the orclcommonnicknameattribute is set to uid (the default value).

■ JAAS Realms to LDAP Subscribers: JAAS realms are mapped to LDAP Realm entries based on the value given to orclsubscribernicknameattribute under the root cn=Common,cn=Products,cn=OracleContext node for an OID deployment. For example, setting the value of orclsubscribernicknameattribute to o (the letter o) for an OID deployment implies that users authenticating against OID must belong to the JAAS realm identified by the value of the o attribute. Set the value of orclsubscribernicknameattribute to o.

■ JAAS Roles to LDAP Groups: Group membership determines the JAAS roles for a specific user. Mapping LDAP groups to JAAS roles is based on the value given to orclcommonnamingattribute under the node cn=Common,cn=Products,cn=OracleContext for each of the provisioned LDAP Realms. For example, if a user belongs to an LDAP group with the distinguished name of cn=Location Service, cn=groups, dc=example, dc=com and the orclcommonnamingattribute is set to cn, then that JAAS user is populated with the Location Service JAAS role. Set the value of orclcommonnamingattribute to cn.

5.12.2 Configuring Static Verifiers

After configuring Oracle Internet Directory as described above, you must create a new product entry for Oracle WebLogic Communication Services (OWLCS), install the static verifier, create entries for each instance of OWLCS, and grant verifier privileges to each new instance created. You must perform these steps before provisioning users in OID. If users already exist in OID, they must reset their passwords after you create and configure the static verifier before they can log in successfully.

5.12.2.1 Add Oracle WebLogic Communication Services

To add the Oracle WebLogic Communication Services product to Oracle Internet Directory:

1. Start the oidadmin tool in ORACLE_HOME/bin and connect to the installed Oracle Internet Directory server. Log in using the orcladmin account and the password you chose during your installation of Oracle Internet Directory.